OASIS Digital Signature Services (DSS) TC

I discussed the IPR policy issues with Surety's legal counsel, and based on this I would like to make the
following IP disclosure. It is a list of 8 United Stated Patents related to timestamping that can be found in
Section 5 of IETF RFC3161.

Of the patents listed above, the ones listing Haber & Stornetta as inventors are either owned or claimed by
my organization (Surety). For these patents, this disclosure is done according to Section 8.1 of the OASIS IPR
policy.

For the 3rd party patents (i.e. the ones not owned nor claimed by Surety), this disclosure is done according to
Section 8.2 of the OASIS IPR policy.

Submitted to OASIS on 6 May 2006
To: [OASIS]
From: John Messing, jmessing@law-on-line.com

Further to the IPR disclosure of 4 August 2003 which is posted on the DSS TC website, please be advised that the
following U.S. patents have issued to me:

Electronic signature method, US Patent No. 7,039,805

Electronic certificate signature program No. 6,745,327

As stated in the IPR disclosure of 4 August 2003, I re-affirm that if an OASIS Standard is adopted by OASIS
pursuant to the current DSS Technical Committee Charter, I will endeavor to license, for the purpose of
implementing and complying with the required portions of a resulting OASIS DSS Standard, patent rights to necessary
claims under reasonable and non-discriminatory terms and conditions to be established after such patent(s) are
issued and final.

As used herein, necessary claims are claims or portions of claims that are infringed because there is no
technically reasonable non-infringing alternative to infringement for implementing or complying with such DSS
standard.

Here is a patent submission that was filed both internationally and in Canada. I have enclosed just one as they
are the same. The TC has suggested that this patent be tabled with appropriate parties within OASIS.

AUTOMATIC FORM ACCESSING AND SUBMISSION SYSTEM AND METHOD
SYSTEME ET PROCEDE DE DEMANDE ET D'ENVOI AUTOMATIQUES DE FORMULAIRES

Abstract: "A system for accessing, processing and transmitting data files comprising: a data network (200); a
data base system (100) forming means for storing a plurality of data files (102) and being connected to the network
(200); at least one local processing system (300), a notary server (400), and at least one recipient system (500),
each local processing system, the notary server and each recipient system forming independent systems connected to
the network (200); the notary server (400), forming means for receiving a submitted data file (102) via the
network, and for transferring a submitted data file to a recipient system (500) with which the submitted data file
is associated, by means of software modules for reception (410), decryption (412), and file export (416), and,
wherein the notary server (400) further comprises software modules for user/sender verification (414), backup
memory (418) and a time stamp module (420)."

"A digital signature system is provided on a server for use by remote clients, such as by using a browser. The
server generates and maintains all of the users' keys used for producing a digital signature. A user sends a data
object to the server, and the server generates a digital signature for the data object using the private key stored
at the server. The server then sends the digital signature to the client. A client can, at a later time, send the
signature back to the server for verification. Filed April 23, 2001"

Upon reflection, I believe that I have one or more pending patent applications that may include claims related
to a DSS single private key signing use case. If an OASIS Standard incorporating the court filing contribution is
adopted by OASIS pursuant to the current DSS Technical Committee Charter, I will endeavor to license, for the
purpose of implementing and complying with the required portions of a resulting OASIS DSS Standard, patent rights
to necessary claims under reasonable and non-discriminatory terms and conditions to be established after such
patent(s) are issued and final.

As used herein, necessary claims are claims or portions of claims that are infringed because there is no
technically reasonable non-infringing alternative to infringement for implementing or complying with such DSS
standard.

The DSS TC has received the following notice regarding certain US and European patent applications (EU Ref:
03250672.7) in the name of Security & Standards Ltd.

To: [DSS TC]
From: John Ross, CEO, Security and Standards Ltd

I can confirm my company's agreement to you posting the notice in the IPR Statement section of the DSS TC.

In my capacity as CEO of Security and Standards Ltd, I can confirm that should any of the encumbered techniques
be included in an OASIS DSS standard that Security and Standards Ltd would offer reasonable and non-discriminatory
licenses.

As I mentioned at the last DSS meeting my company has developed a system for "sealing" data which is subject to
patent application. This incorpates features which relates to the choices within the DSS requirements document.